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m THE CLAIMS 



Please amend the claims as follows: 



1 . (Qiirently Amended) An authentication system suitable for automatically providing 
authentication to a user at a client node, the user providing a user secret and requesting access to 
network resources resident at one or more server nodes in a distributed network system, said 
authentication system comprising: 

a local application program interface for receiving the user secret, said local apphcation 
program interface in commimication with a requested network resource and the cUent node; 

a cryptography service node including means for providing a common key and algorithm, 
and means for providing a client/server session key and algorithm; and 

an authentication database in communication with said local appUcation program 
interface and with said cryptography service node, said authentication database including 

an authentication secret associated with the user; 



wherein the local application program interface sends an encrypted authentication secret, 
an encrypted common key, and the session key to the ch'ent node for use with the requested 
network resourc e, and wherein the common kev is a shared an d same key. 

2. (Original) The authentication system of claim 1 further comprising means for encrypting and 
decrypting said authentication secret using a secret store key and algorithm. 

3. (Original) The authentication system of claim 1 further comprising, 

a network resource identifier associated with said requested network resoiurce; and 
a network policy associated with the user and with said network resource 
identifier. 




\ 



means for encrypting said authentication secret using said common key and 
algorithm; and 

means for encrypting said coimnon key using said chent/server session key and 
algorithm; 
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4. (Original) The authentication system of claim 1 wherein said authentication database further 
comprises, 

a second network resource identifier associated witli a second network resOLirce; 
a second authentication secret associated with the user; and 
a second network policy associated with the user and with said second network 
resource identifier. 

5. (Original) The authentication system of claim 4 wherein said authentication database further 
comprises means for encrypting and decrypting said second authentication secret using said 
secret store key and algorithm, 

6. (Original) The authentication system of claim 4 wherein said authentication database further 
comprises means for encrypting and decrypting said second authentication secret using a second 
secret store key and algorithm. 

7. (Original) The authentication system of claim 1 wherein said cryptography service further 
comprises means for generating an authentication secret from the user secret. 

8. (Original) The authentication system of claim I wherein said common key comprises a 
symmetric key. 

9. (Currently Amended) A method fox automatically authenticating a user at a network 
client node in a distributed network system in response to a user request for access to network 
resources resident in one or mor^ server nodes, said authentication method comprising the steps 
of: 

providing a network resource identifier, a network resource policy, and an authentication 
secret to an authentication database, said network resource identifier associated 
witii the requested network resource; 

retrieving said authentication secret in response to said user request, said authentication 
secret associated with the user and with said network resource identifier; 
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encrypting said authentication secret with a common key and algorithma.wtierein the 

coiHTnon kev is a shared and $amc_key; 
encrypting said common key and algorithm with a client/server session key and 
algorithm; and 

sending said encrypted authentication secret and said encrypted common key to 
the client node, 

10. (Original) The method of claim 9 further comprising the st^s of: 
decrypting said encrypted common key using said client/server session key; 
decrypting said encrypted authentication secret using said decrypted common key and 

algorithm; and 

\ providing said decrypted authentication secret to the requested network resource. 

11. (Original) The method of claim 9 further comprising the step of accessing said network 
resource policy prior to said step of retrieving said authentication secret, said network resource 
policy associated with the user and with said network resource identifier. 

12- (Original) The method of claim 9 further comprising the steps of: 

obtaining a list of client algorithms supported by the client node; 
obtaining a list of server algorithms supported by the server node; 
comparing said list of client algorithms with said list of serv^er algorithms so as to 

determine the strongest algorithm common to both said list of client algorithms 
and said list of server algorithms; and 
using said strongest algorithm as said common key and algorithm. 

13. (Original) The method of claim 9 wherein said common key comprises a symmetric key. 

14. (Original) The method of claim 9 further comprising the steps of: 
negotiating the strongest common algorithm between server and client node; and 
using said strongest algorithm as said client/server session key and algorithm. 
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15, (Cunently Amended) A method for authenticating a client to a network resoxrrce, 
comprising: 



receiving a client request for a network resource; 

authenticating the client and creating a secure session; 

creating an authentication secret for access to the network resource; 

encrypting the authentication secret within a common key, wherein the common 
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16, (Previously Presented) The method of claim 15 further comprising, determining a strongest 
encryption and decryption algorithm supported by the client when encrypting the authentication 
secret within the common key. 

17. (Previously Presented) The method of claim 15 further comprising receiving, by the 
network resource, a decrypted version of the authentication secret from the chent and 
authenticating the client for access to the network resource based on the decrypted authentication 
secret- 

18, (Previously Presented) The method of claim 15 further comprising associating policies with 
the authentication secret, wherein the policies define access rights of the client to the network 
resource, 

19. (Previously Presented) The method of claim 15 negotiating with the client encryption and 
decryption algorithms for use in encrypting the authentication secret and the common key. 



PAGE 7110 ' RCVD AT 8/2312004 3:34:34 PM [Eastern Daylight 



09/23/04 14:36 FAX 612 33^Bb61 SCHWEGMANp LUNDBERG, WO^W @008/010 



AMENDMENT AND RESPONSE UNDER 37 CFR g 1.116 ^*>B« ^ 

Serial Number: 09/518»6«4 Oki: 1565.027US I 

Fning Date: March 3. 2000 

Tilh: APPARATUS AND METHOD FOR AUTOM ATIC AT.!. Y AUTHENTICATING A NETWORK: CLIENT 

20. (Previously Presented) The mettod of claim 15 associating the authentication secret with 




the client and the network resource and housing the association in a secret store for additional 
secure sessions established by the client 
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